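--- /dev/null
+++ b/<FILE PATH NOT ON PAGE>
@@ -0,0 +1,125 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// <code>chrome.easyUnlockPrivate</code> API that provides hooks to Chrome to
+// be used by Easy Unlock component app.
+[nodoc] namespace easyUnlockPrivate {
+// Signature algorithms supported by the crypto library methods used by
+// Easy Unlock.
+enum SignatureType {
+HMAC_SHA256,
+ECDSA_P256_SHA256
+};
+
+// Encryption algorithms supported by the crypto library methods used by
+// Easy Unlock.
+enum EncryptionType {
+AES_256_CBC
+};
+
+// Options that can be passed to |unwrapSecureMessage| method.
+dictionary UnwrapSecureMessageOptions {
+// The data associated with the message. For the message to be succesfully
+// verified, the message should have been created with the same associated
+// data.
+ArrayBuffer? associatedData;
+
+// The encryption algorithm that should be used to decrypt the message.
+// Should not be set for a cleartext message.
+EncryptionType? encryptType;
+
+// The algorithm to be used to verify signature contained in the message.
+// Defaults to |HMAC_SHA256|. |ECDSA_P256_SHA256| can currently be used
+// only with cleartext messages.
+SignatureType? signType;
+};
+
+dictionary CreateSecureMessageOptions {
+// Data associated with the message. The data will not be sent with the
+// message, but the message recepient will use the same data on its side
+// to verify the message.
+ArrayBuffer? associatedData;
+
+// Metadata to be added to the message header.
+ArrayBuffer? publicMetadata;
+
+// Verification key id added to the message header. Should be set if the
+// message is signed using |ECDSA_P256_SHA256|. It's used by the message
+// recepient to determine which key should be used to verify the message
+// signature.
+ArrayBuffer? verificationKeyId;
+
+// The encryption algorithm that should be used to encrypt the message.
+// Should not be set for a cleartext message.
+EncryptionType? encryptType;
+
+// The algorithm to be used to sign the message.
+// Defaults to |HMAC_SHA256|. |ECDSA_P256_SHA256| can currently be used
+// only with cleartext messages.
+SignatureType? signType;
+};
+
+// Callback for crypto methods that return a single array buffer.
+callback DataCallback = void(optional ArrayBuffer data);
+
+// Callback for method that generates an encryption key pair.
+callback KeyPairCallback = void(optional ArrayBuffer public_key,
+optional ArrayBuffer private_key);
+
+interface Functions {
+// Generates a ECDSA key pair for P256 curve.
+// Public key will be in format recognized by secure wire transport protocol
+// used by Easy Unlock app. Otherwise, the exact format for both key should
+// should be considered obfuscated to the app. The app should not use them
+// directly, but through this API.
+// |callback|: Callback with the generated keys. On failure, none of the
+// keys will be set.
+static void generateEcP256KeyPair(KeyPairCallback callback);
+
+// Given a private key and a public ECDSA key from different asymetric key
+// pairs, it generates a symetric encryption key using EC Diffie-Hellman
+// scheme.
+// |privateKey|: A private key generated by the app using
+// |generateEcP256KeyPair|.
+// |publicKey|: A public key that should be in the same format as the
+// public key generated by |generateEcP256KeyPair|. Generally not the
+// one paired with |private_key|.
+// |callback|: Function returning the generated secret symetric key.
+// On failure, the returned value will not be set.
+static void performECDHKeyAgreement(ArrayBuffer privateKey,
+ArrayBuffer publicKey,
+DataCallback callback);
+
+// Creates a secure, signed message in format used by Easy Unlock app to
+// establish secure communication channel over unsecure connection.
+// |payload|: The payload the create message should carry.
+// |key|: The key used to sign the message content. If encryption algorithm
+// is set in |options| the same key will be used to encrypt the message.
+// |options|: Additional (optional) parameters used to create the message.
+// |callback|: Function returning the created message bytes. On failure,
+// the returned value will not be set.
+static void createSecureMessage(
+ArrayBuffer payload,
+ArrayBuffer key,
+CreateSecureMessageOptions options,
+DataCallback callback);
+
+// Authenticates and, if needed, decrypts a secure message. The message is
+// in the same format as the one created by |createSecureMessage|.
+// |secureMessage|: The message to be unwrapped.
+// |key|: Key to be used to authenticate the message sender. If encryption
+// algorithm is set in |options|, the same key will be used to decrypt
+// the message.
+// |options|: Additional (optional) parameters used to unwrap the message.
+// |callback|: Function returning an array buffer containing cleartext
+// message header and body. They are returned in a single buffer in
+// format used inside the message. If the massage authentication or
+// decryption fails, the returned value will not be set.
+static void unwrapSecureMessage(
+ArrayBuffer secureMessage,
+ArrayBuffer key,
+UnwrapSecureMessageOptions options,
+DataCallback callback);
+};
+};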
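Review bot: The |key| comments on createSecureMessage and unwrapSecureMessage say one key is used both to sign and, when |encryptType| is set, to encrypt or decrypt, but the IDL does not state whether the implementation derives distinct HMAC and AES-256-CBC keys from that input or feeds the same bytes to both primitives, so a caller cannot tell whether the raw output of performECDHKeyAgreement is acceptable here or must be passed through a derivation step first. Likewise the unwrapSecureMessage callback comment groups "authentication or decryption fails" into one outcome without saying that the signature is checked before any decryption is attempted, which is the property a caller relying on AES-CBC would want pinned down. I would extend the |key| comment on both methods with a sentence such as `// When |encryptType| is set, separate signing and encryption keys are derived from |key| by the implementation.` and add to the unwrapSecureMessage comment `// The signature is verified before decryption is attempted.`, each only as far as the native implementation (not in this hunk) actually bears it out. The comments also carry several misspellings (succesfully, recepient, asymetric, symetric, massage, "should should") worth fixing in the same pass.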